So continuing with our Alpha PoC, and working through ACLs, for Groups, Images and Templates, we are now in a position, a user to login, bunch of templates they can deploy for their modules, we have predefined, so all is good, BUT
We only want users to deploy a 4 vCPU, 4GB, 50GB disk, with networking as is - how do we restrict so they cannot change these values, we would want a user defining and using 256GB RAM on the host ? We are really trying to model ESXi, but with an portal interface.
I read this
but we are using the interface, so wondered in this is relevant, because appears not work work, if we adjust the templates.
EDIT - This is probably solved, well restricting user-input isn’t it’s bugged it works in the old Sunstone interface but not in Fireedge. Anyway we’ve created a custom view which works of sort.
From what I could investigate, OpenNebula has a restricted attribute mechanism (configured in oned.conf) that decides which attributes users cannot modify if they are not privileged (e.g., not in the oneadmin group). This includes things like CPU, memory, disk size, etc.
As you have mentioned, a custom view/workflow where you don’t expose controls for those fields is a valid workaround for now. Let us know if you want to continue here, or prefer the other topic to check alternatives.